Account HACKED

[RawkuFrost]

Early this morning my Account was hacked and it would seem my email was changed... I NEVER got a verification email or ANYTHING from NCSoft. I cant access the account at all.

On top of that my CC that was linked was stolen and charged.

 

Is there ANYTHING I can do to get my account back? I'm still waiting on a reply from NCSoft.

[Aeorie]

You should contact your credit card company/bank asap... and did you activate the 2-step verification before?

[RawkuFrost]

CC company has already been taken care off, and No i never activated the 2-step.

[Nurpler]

21 minutes ago, RawkuFrost said:

 No i never activated the 2-step.

There's your prob

[DomiSotto]

2 minutes ago, Nurpler said:

There's your prob

What's 2-step verification?

[staahpxDD]

11 minutes ago, DomiSotto said:

What's 2-step verification?

"  When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (a code sent to your phone). "

I think it also mean that when a hacker tries to hack your account, he can't accessed it without a verification code that was sent to your phone.

[DomiSotto]

Oh. I don't have a phone. It would be weird to get one to avoid hacking your computer game account.

[MinaTakashi]

Since 2 Step verification is pretty much worthless and useless because a hacker that gets into your account (you do not need the second pin send to your phone to access your account through the website) can easily and without you noticing, change that thing on and off.

 

At least that is what you can read from reddit where peoples accounts got hacked even using that 2 step verification.

[Aeorie]

23 minutes ago, MinaTakashi said:

Since 2 Step verification is pretty much worthless and useless because a hacker that gets into your account (you do not need the second pin send to your phone to access your account through the website) can easily and without you noticing, change that thing on and off.

 

At least that is what you can read from reddit where peoples accounts got hacked even using that 2 step verification.

It's true you can log into your account through the website without the 2-step but you can't remove that feature without the verification code or access to your email (just checked).

[Giggle]

Maybe you shouldn't buy gold/powerleveling, or give out your user/pass. cause currently those are the only 2 ways for someone to compromise your account. No program has the resources to just steal your account and a keylogger would mean you tried to download a bot/hack/went on a shady BnS website specifically made to steal BnS accounts.

[Naekuh]

5 minutes ago, Giggle said:

Maybe you shouldn't buy gold/powerleveling, or give out your user/pass. cause currently those are the only 2 ways for someone to compromise your account. No program has the resources to just steal your account and a keylogger would mean you tried to download a bot/hack/went on a shady BnS website specifically made to steal BnS accounts.

you are so wrong..

 

there are again MANY posts on reddit on how easy it is to hack the website. 

The posts here have all been deleted by the Mods, to hide this issue.

 

So before you start sprouting nonsense or trying to play white horse, how about doing some research.

Its a serious problem when you see these many posts stating there account got hacked and Credit card being illegally charged.  

[Giggle]

17 minutes ago, Naekuh said:

you are so wrong..

 

there are again MANY posts on reddit on how easy it is to hack the website. 

The posts here have all been deleted by the Mods, to hide this issue.

 

So before you start sprouting nonsense or trying to play white horse, how about doing some research.

Its a serious problem when you see these many posts stating there account got hacked and Credit card being illegally charged.  

This is LITERALLY impossible, computer science is my major, hell NETWORK SECURITY is my specialization, this CANNOT be done. The ONLY way to gain access to someone's account is common/reused passwords, keyloggers, social engineering or a "trusted friend" messing up.

 

What you are describing is brute force, and to quote a text book on the subject:

 

"Attackers could only use such brute-force methods if they had local access to your data — for example, let’s say you were storing an encrypted file in your Dropbox account and attackers gained access to it and downloaded the encrypted file. They could then try to Brute-force the encryption, essentially trying every single password combination until one works."

 

^^^^^This is an offline method and a very unrealistic one, requiring the account in question to be an offline one(AKA not an MMO/website account)

 

So before YOU spout nonsense on a subject you CLEARLY have NO education beyond video games about, go take a few courses on the matter.

 

TL;DR

Unless the ENTIRE NCSOFT WEBSITE is compromised via SQL Injection(which it isn't or else the hackers would just steal/cheat via database instead of bots/accounts) it just isn't possible.

 

P.S: Reddit?....REALLY?....smh

[Skyfire]

2 hours ago, Nurpler said:

There's your prob

no No NO!  That is NOT his problem. Two-step verification is trash. It protects nothing! Say I am a co** sucking hacker and I just cracked your password. Once logged in I will change your email to my VOLATILE untraceable email.  I will now access your account and REMOVE the two-step authentication! It will ask me to enter in the authentication number before I can remove it. On that screen I click the fu** you button and it will instead ask me for a secret code sent to the email on file.  The email on file is the new email I just entered that I have access to, from where I grab the verification code, enter it, and remove your authenticator.

 

I now have access to your characters from where I'll steal all your gold and attempt to charge your credit card (in game).  I will also check to see if you stored your credit card on the website and if so wipe out your bank account.

 

If you ask for your money back from NCSoft they may drag their feet. If you do a back charge from your bank NCSoft will permanently ban your account.  If the credit card on file is a debit card, the bank has the right to tell you to go pound sand; you are at their mercy although most will want to keep you as a customer.  If it's a major credit card not associated with a bank debit card you have 60 days.  NOTE!! Remember all those informercials who ask you to try their product for 90 days or your money back? 90 days because after 60 they can tell you to fk off and there isn't a thing you can do about it if you used a credit card.

 

Similarly NCSoft may drag their feet for that duration and you may end up with nothing at all anyway.

 

So what CAN you do?  Two things:

 

1) Change your email every 90 days. By such, hackers will be unable to change your email since it has a 90 day lockout period, thus they will be unable to remove your two-step login process; your characters are safe!

 

2) Send in a support ticket to billing department and ask them to remove all credit cards on file from your account. They will ask you for the last 4 digits of the active credit card for ...verification purposes?  Now hackers can't charge your bank. If you want NCCoin, but codes from Amazon or use PayPal, but why would you want to support a company that supports cheaters, hackers, and cyber criminals?

 

Also if they ban your account because of a back charge from your bank, go directly to Better Business Buearu and expose this borderline fraudulent publisher. Don't worry, at this point your account will be banned anyway.

1 hour ago, Aeorie said:

It's true you can log into your account through the website without the 2-step but you can't remove that feature without the verification code or access to your email (just checked).

And hacker can change your email prior to this thus still remove it.  See my post above how to protect yourself.

[orianthi]

1 hour ago, Aeorie said:

It's true you can log into your account through the website without the 2-step but you can't remove that feature without the verification code or access to your email (just checked).

  correct, BUT you can change the e-mail first and then remove the 2 step as any verification code is sent to the 'new' e-mail, this was one of the many proved and fully explained methods to steal accounts on Reddit, This is what the poster trying to explain,  to log into the game you need the 2 step codes etc, BUT to log into your NC account management page you do not, which then leaves you free to change the e-mail and also remove the 2 step  ALL without verification to the 'original' (your) e-mail. and as mentioned above these were posted on these very forums to warn and educate players, but were removed soon after by moderators.

 

 This is what people were and are trying to explain, it as nothing to do with logging into the game and it does not matter how much security you have on your game login when hackers can just log into the main account management page and change/remove it all.

 

 Also explained was that the only way to stop your account from being stolen was to change you e-mail every 90 days, which puts it on a 90 day cooldown before it can be changed again, this does  mean though your account could be 'hijacked' but not stolen.

 

 

[Aeorie]

Alright I understand now... So the safest way right now is to change the email whenever option becomes available to avoid hackers from changing it. Honestly NCSoft, what is so hard about activating the 2-step for the website log in?

 

Anyway to the OP, I hope you get your account (and stuff) back and if ever decide to put your trust in this game again then make sure to take steps to strengthen your account security..

 

[MinaTakashi]

Its not really in NCsofts business if you choose a bad and easy to guess password.

 

Also another thing that i wonder is. I just tried and changed the IP of my Router by reconnecting the internet ( in germany we get that 24h auto reconnect/disconnect feature from out ISPs) and after doing so i had to enter a new location verification PIN send to my email, not only for my website account but also for my ingame. 

So that for me looks like the first thing that is strange with every "hacked" account. The attacker has to have access to the email address already so they can get above that required verification Pin. Which means that the email account has been compromized as well already.

[Avenger]

Greetings,

 

As stated by Omeed and as a reminder we strongly recommend you to:

 

• Use a unique password for every account.
• Do not share passwords across accounts.
• Do not include common words, especially words like “password” or “user.”
• Use a mixture of upper and lowercase letters, numbers, and symbols.  Or use four to six words that have no relation to each other.

 

You can be sure this is monitored very carefully, and everything will be done to protect your account!

 

Regards,

Team Blade & Soul.

[GreenDestiny]

Just as important as above don't buy gold again or use hacks.

[Giggle]

Hope the OP learned his lesson on buying gold or signing up for strange websites.

[Tupac Shakur]

1 hour ago, Giggle said:

Hope the OP learned his lesson on buying gold or signing up for strange websites.

You don't know if they bought gold or not. Why assume so? you're ignorant. 

[Giggle]

1 hour ago, Tupac Shakur said:

You don't know if they bought gold or not. Why assume so? you're ignorant. 

If you read my above post, the only way your account could be compromised is by either being stupid careless (giving account info away), Or participating in "black market" activities that are against the website's TOS.

 

Ex. Attempted to get hacks/gold, sign up for website using your email and your password is the same as your email's(common habit)

[nichii]

some cases of hacking are which you posses weak strength password. Also back to the initial topic of the post starter, you have a credit card but you don't posses  a phone? what are you like Y2k millenium era or could it be the CC is supplimentary card from your parents. 

 

Most which i mean by most cases of hacked account is causes by keylogger and also by someone close to you or whom knew your login username. But there are some circumstances they do hack directly into your network and leaves a tracer so they can actually evedrops on your activities and pick it up from there. It could be from any website not necessary from a gold seller website. 

 

Internet is a blackhole of possibilities xD

[Giggle]

3 hours ago, nichii said:

But there are some circumstances they do hack directly into your network and leaves a tracer so they can actually evedrops on your activities and pick it up from there.

This is only possible by doing exactly what i stated above, they cant just grab your IP and get on your network(unless you have remote access enable which is not standard on a router so if you enabled you hopefully would know what you're doing and make a good psswd)

[Bezerko]

On 4/19/2016 at 3:51 PM, Giggle said:

Maybe you shouldn't buy gold/powerleveling, or give out your user/pass. cause currently those are the only 2 ways for someone to compromise your account. No program has the resources to just steal your account and a keylogger would mean you tried to download a bot/hack/went on a shady BnS website specifically made to steal BnS accounts.

There are plenty of ways to have your account compromised without doing anything wrong on your part.  I wouldn't go around assuming that it's automatically the victim's fault without proof.  You know what they say about people who ass-u-me stuff.

[Giggle]

4 hours ago, Bezerko said:

There are plenty of ways to have your account compromised without doing anything wrong on your part.  I wouldn't go around assuming that it's automatically the victim's fault without proof.  You know what they say about people who ass-u-me stuff.

In my line of work (Network Forensics and Intrusion Investigation) I've never once in my life had a case where it wasn't the user's fault,here go ahead and test it, make an account on a website, then never use the email/account/password again, and come back in 2 years, it'll be there untouched.

 

HOW PEOPLE STEAL YOUR BNS ACCOUNT:

1) You gave it to a friend

2) You signed up for a fan-site and used the same email/password so they just used that to change your BnS acc

3) You signed up for a gold/hack site and ^^^^^^ happened there

4) You clicked on an advertisement on a site that redirected you (with a keylogger) to the real BnS site and you logged in

5) Magical faeries used their super powers to just steal your information! Or maybe a keypad cracker like on the movies! Or the guy who types really fast in the CMD prompt and somehow has access to everything!

6)Common password that could be dictionary cracked(Ex. EggMuffin) which can't be done as each password entry has an encryption

 

HOW ENCRYPTION OF PASSWORDS ON YOUR COMPUTER WORK:

1)You type in pass Trick2G2 and enter

2)A random encryption is created (Ex. 6m485vI)

3) Any tracable info looks like this 6T8Gm4kcI8ir2v2 from encryption merging/randomizing

 

^^^^^Knowing this you can see why the GMs are telling you uppercase and lowercase letters and numbers should be added, it adds a ton of confusion on someone logging your network actions(which wouldn't happen in the first place unless you visited one of the listed sites above)

 

This isn't the movies guys, stealing your account is a LOT less glamorous than "elite hacking skills", if they found an exploit in the databse they wouldn't need your acc, they would just steal a GMs, change gold values to 9999, or reroute currency to a bank account.